Guide to the Secure Configuration of Red Hat Enterprise Linux 10
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Uninstall kea Package
If the system does not need to act as a DHCP server, the kea package can be uninstalled.Rule Medium Severity -
DNS Server
Most organizations have an operational need to run at least one nameserver. However, there are many common attacks involving DNS server software, a...Group -
Uninstall rsync Package
The rsyncd service can be used to synchronize files between systems over network links. The <code>rsync-daemon</code> package can be removed with t...Rule Medium Severity -
Ensure rsyncd service is disabled
Thersyncdservice can be disabled with the following command:$ sudo systemctl mask --now rsyncd.service
Rule Medium Severity -
Install sudo Package
Thesudopackage can be installed with the following command:$ sudo dnf install sudo
Rule Medium Severity -
System Tooling / Utilities
The following checks evaluate the system for recommended base packages -- both for installation and removal.Group -
Xinetd
The <code>xinetd</code> service acts as a dedicated listener for some network services (mostly, obsolete ones) and can be used to provide access co...Group -
Restrict Serial Port Root Logins
To restrict root logins on serial ports, ensure lines of this form do not appear in <code>/etc/securetty</code>: <pre>ttyS0 ttyS1</pre> ...Rule Medium Severity -
Uninstall xinetd Package
Thexinetdpackage can be removed with the following command:$ sudo dnf remove xinetd
Rule Low Severity -
Rlogin, Rsh, and Rexec
The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules